HTTP Headers Analysis for https://bestpractices.dev

Detected Technologies from Headers

See all in URL Inspect 5

GitHub Active incidents

Gravatar

Fastly

Heroku

Varnish

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=300

Content-Security-Policy

Strong

default-src; base-uri; form-action; +5 more Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Excellent

DENY

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

no-referrer-when-downgrade

Permissions-Policy

Present

fullscreen=(), geolocation=(), midi=(); +10 more

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains

Performance Headers

Accept-Ranges

Performance

bytes

Connection

Performance

close

Vary

Performance

Accept-Encoding

accept-ranges: bytes
connection: close
vary: Accept-Encoding

Caching Headers

Cache-Control

Caching

private, no-store

Etag

Caching

W/"8e9a45c047aa62a99643c3aa17c2d558"

cache-control: private, no-store
etag: W/"8e9a45c047aa62a99643c3aa17c2d558"

Content Headers

Content-Length

Content

20267

Content-Type

Content

text/html; charset=utf-8

content-length: 20267
content-type: text/html; charset=utf-8

Server Headers

Server

Heroku

X-Runtime

Server

0.003438

server: Heroku
x-runtime: 0.003438

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: _BadgeApp_session=jqw5m4AbU0M8G8QrcVdC%2FQzkGmVIs%2BlCGCdU8E6kamudH5owRyMBBNeYGaWxmULAAw%2F9zxijNQVgNA27mg1cAB3S19YTAegYPoQcApRlhGaCCYEGqN0QSQXO91Vq%2FjV9Pz5MsPlFcLByjYd072DG4s2661sh8FFJqesFtrpbcxScKpE%2FMTWxNFNJX%2B18To0QIOxKnBhjzACPU92sW6fboq1oVnvFs%2BAu5KaQIC4jrAYXyLsG4YAsr%2BhPRHu%2FvXEZqnEKb%2BezsWXj8bVHgpqu%2Fk%2F7UDuf8u%2FkEw%3D%3D--oR34LE5K70FNQh3F--dc9VG5SiRD2URDEvYi%2FO%2Fw%3D%3D; path=/; secure; httponly; samesite=lax

Other Headers

Date

Other

Thu, 23 Apr 2026 16:55:50 GMT

Feature-Policy

Other

fullscreen 'none'; geolocation 'none'; midi 'none';notifications 'none'; push 'none'; sync-xhr 'none'; microphone 'none';camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none';vibrate 'none'; payment 'none'

Nel

Other

Report-To Group heroku-nel max-age: 1h

success: 1.0% failure: 10.0%

Report-To

Other

Group heroku-nel max-age: 1h

Endpoint 1 https://nel.heroku.com/reports?s=jJcIgZjokFKNIzrwvMUiZ3jKEdArqsvcnTIaNQ7X4OQ%3D&sid=af571f24-03ee-46d1-9f90-ab9030c2c74c&ts=1776963350

Reporting-Endpoints

Other

heroku-nel="https://nel.heroku.com/reports?s=jJcIgZjokFKNIzrwvMUiZ3jKEdArqsvcnTIaNQ7X4OQ%3D&sid=af571f24-03ee-46d1-9f90-ab9030c2c74c&ts=1776963350"

Via

Other

1.1 heroku-router, 1.1 varnish

X-Cache

Other

MISS

X-Cache-Hits

Other

0

X-Download-Options

Other

noopen

X-Permitted-Cross-Domain-Policies

Other

none

X-Request-Id

Other

d7d1e754-14ef-ebd9-7624-e7df6ee4cefb

X-Served-By

Other

cache-pdk-kpdk2140066-PDK

X-Timer

Other

S1776963350.414616,VS0,VE66

date: Thu, 23 Apr 2026 16:55:50 GMT
feature-policy: fullscreen 'none'; geolocation 'none'; midi 'none';notifications 'none'; push 'none'; sync-xhr 'none'; microphone 'none';camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none';vibrate 'none'; payment 'none'
nel: {"report_to":"heroku-nel","response_headers":["Via"],"max_age":3600,"success_fraction":0.01,"failure_fraction":0.1}
report-to: {"group":"heroku-nel","endpoints":[{"url":"https://nel.heroku.com/reports?s=jJcIgZjokFKNIzrwvMUiZ3jKEdArqsvcnTIaNQ7X4OQ%3D\u0026sid=af571f24-03ee-46d1-9f90-ab9030c2c74c\u0026ts=1776963350"}],"max_age":3600}
reporting-endpoints: heroku-nel="https://nel.heroku.com/reports?s=jJcIgZjokFKNIzrwvMUiZ3jKEdArqsvcnTIaNQ7X4OQ%3D&sid=af571f24-03ee-46d1-9f90-ab9030c2c74c&ts=1776963350"
via: 1.1 heroku-router, 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-request-id: d7d1e754-14ef-ebd9-7624-e7df6ee4cefb
x-served-by: cache-pdk-kpdk2140066-PDK
x-timer: S1776963350.414616,VS0,VE66

Recommendations

Enable compression (gzip/brotli) to improve performance